Hi Paul,
You might need to withhold release of some required attribute such as
eduPersonScopedAffiliation to such restricted resources for your
overseas HESA registered partner students. Frequently the operators of
such restricted resources require the restriction to be applied at the
IdP end. I do feel that such service providers should do more to apply
the restrictions at their end, such as requiring an eduPersonEntitlement
value, rather than placing the burden on the IdP operator, but we don't
live in an ideal world, of course.
Anyway, please feel free to raise a support call with us if you need
advice about the exact attribute filter or resolver code you might need
to deploy to achieve this:
[log in to unmask]
Cheers,
Sara Hopkins
UK federation support team
On 11/12/2013 11:15, JOHNSON Paul wrote:
> Hi all
>
> We have just embarked on the rather scary journey of implementing our
> own Shibboleth IdP. Our IT project team have successfully registered the
> new IdP, which is hidden so that we can test against it while continuing
> to use Eduserv as our current Shibboleth provider.
>
> As part of the preparation I have been asked to help liaise with all our
> eresource providers to make sure we present the correct Attributes with
> relevant data and the team have asked me if I can find out if there is a
> general consensus on how individual resources are restricted from some
> groups of students.
>
> ·e.g. If we want to remove access permissions for a few of our
> restricted resources to our overseas HESA registered partner students
> what would we change in the Shibboleth setup/attributes to enable this.
>
> Apologies if there is an obvious solution – I’m keen to make sure we
> follow best practice but I am not very experienced in all things
> Shibboleth.
>
> We are using all the guidance we can find from the UK Federation site:
> http://www.ukfederation.org.uk/content/Documents/AttributeUsage
>
> but if there are any other relevant resources to help answer basic
> questions like this please feel free to point me (politely J ) in the
> right direction and to stop asking such daft questions.
>
> Many thanks
>
> Paul
>
> ______________________________________
>
> paul johnson | information landscape librarian
>
> staffordshire university | thompson library
>
> [log in to unmask] <mailto:[log in to unmask]> |01782 294770
>
>
> ------------------------------------------------------------------------
> The information in this email is confidential and is intended solely for
> the addressee. Access to this email by anyone else is unauthorised.
>
> If you are not the intended recipient, any disclosure, copying,
> distribution or any action taken or omitted to be taken in reliance on
> it, except for the purpose of delivery to the addressee, is prohibited
> and may be unlawful. Kindly notify the sender and delete the message and
> any attachment from your computer.
--
Sara Hopkins
Support Team
UK Access Management Federation for Education and Research
web: http://www.ukfederation.org.uk/
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
|